August 9th, 2012

OAuth World Tour

OAuth World TourSteve and I had another great Tech Talk in Vancouver this week, discussing the recent controversy around OAuth 2.0 and the state of the standard in general. A couple of questions that came up (thank you Michael and David, among others) were around the availability of libraries for iOS and Android platforms.

Although I’m not as familiar with Android, there definitely seems to be a lack of tooling for enabling OAuth 2.0 on iOS today. The lack of client-side libraries for standards-based access control on mobile devices generally could be problematic for API adoption in the enterprise, as mobile applications represent one of the main targets for enterprise APIs.

Facilitating OAuth on mobile applications is going to be central to my presentation at next week’s Chicago Mobile Meetup where I’ve been invited to speak. At the meetup, we’ll be describing client-side OAuth tooling patterns, exchanging our ideas about different approaches and discussing some code samples.

From there, I will be making my way to Australia for an API Management Breakfast Seminar in Melbourne, where I’ll be talking about API Management in general but also covering the latest in OAuth 2.0 solutions. Finally, I’ll be moving on to the Gartner AADI Summit in Sydney, where Layer 7 will be at booth S6.

July 26th, 2012

Programming in the Cloud

CloudDevelop LogoQuite a bit has been written about how the Cloud is altering the landscape for platform, software and infrastructure providers but not as much has been said about what all this means for developers. I recently decided to find out for myself by going on an “all-cloud diet”. In practical terms, this meant I used a sealed netbook or smartphone to do all my work.

Therefore, I had to do all the things an active developer regularly has to do (coding, debugging, testing etc.) from a device that has no appreciable hard-drive space and does not allow the installation of any customer software. In essence, I was on a strict diet of browser-based and plug-in based tools and services reachable via an Internet connection.

In relatively short order I was able to find browser-based editors (even ones that support line-by-line server-side debugging!), tools for managing data stores and code repositories. Furthermore, I was able to post test scripts for execution/review and even deploy my projects to a wide range of server providers – all from my browser.

Along the way, I discovered that I had an easier time collaborating online with colleagues in other locations and was better able to take advantage of the most recent releases of new services and tools (since there was no “install” or “update” I had to manage). And – of course – I was more mobile in the process.

Not all programming languages, runtime environments and server profiles are represented in the cloud. And there are still many details to work out in order to make assembling a full-featured “cloud tool chain” easy, reliable and cost effective. Nevertheless, I can see that it is a possibility and I have met people who are working to make that possibility a reality.

My advice to developers would be: Conduct your own experiments; try out your own “cloud-only diet” and see what you learn. Even if you decide that not all the pieces you need are available, you may still discover there are ways to leverage cloud-based tooling to reduce barriers, add flexibility and increase productivity in various aspects of your development efforts.

I’ll be exploring these issues in greater depth when I present a talk titled Programming with the OSS “Cloud Stack” at the CloudDevelop show in Columbus, OH on August 3.

June 26th, 2012

QCon New York 2012

QCon BannerLast week, Layer 7 was a sponsor at QCon New York, an exciting conference held in Brooklyn. This event dealt with the latest software development trends in several categories including mobile, cloud, big data, architecture and security. As noted in this article from the show, there was quite a bit of focus on the seismic shift in development from server-heavy applications to more agile development using client-focused technologies like HTML5 and JavaScript. These are better suited for mobile and Web use cases, allowing client-side manipulation of data.

However, these technologies are only half the story. The other half is the API that provides a method of interaction with the server. To provide a rich, functional interface, this API must be user-friendly for people and machines. It should be easy to develop against, with or without extensive documentation. And it should be able to represent both the current application state and the operations available to the client. These API design principles were discussed by Layer 7’s Principal API Architect, Mike Amundsen, in his fascinating talk on Wednesday.

QCon was yet another in a long line of analyst, enterprise and developer conferences to draw the same conclusions about the future of enterprise IT. It’s time to look at software development in a new way – and Layer 7 is helping enterprises get on board with these new technologies. Our recently-announced SecureSpan Mobile Access Gateway provides the middleware necessary to adapt internal information assets into secure, optimized APIs consumable by mobile devices for enterprise mobile enablement or BYOD.

June 19th, 2012

Layer 7 at Gartner AADI

Written by
 

Gartner SummitsLayer 7’s UK team will be talking mobile, open APIs and cloud this week at the Gartner Application, Architecture, Development & Integration Summit, in London. We are longstanding supporters of Gartner AADI in the UK, US and Australia because of the value it offers enterprise architects, development managers and integration leaders facing challenges around mobile, APIs and the cloud. As enterprises face more complex hybrid connectivity problems over the coming years, we expect conferences like this will play a central role in providing a gathering place for IT experts tasked with finding solutions.

If you’re attending this year’s London event, come by Layer 7′s booth to learn about our new mobile offerings or enjoy the company of the Queen herself during a special hospitality event, where we’ll be celebrating her Diamond Jubilee. Also, if you get the opportunity, don’t miss the chance to hear Rhys Jones from Royal Bank of Scotland (a Layer 7 customer) talking about his organization’s journey to the cloud.

June 18th, 2012

The Promise of the Web & the Challenge of APIs

Written by
 

QCon LogoOn June 20th, I’ll be presenting a talk at QCon New York on the subject of hypermedia APIs. While the title may sound a bit “heady” for some, we all deal with hypermedia on the Web every day. If you clicked on the links in the first sentence of this blog post, you were using hypermedia.

My role at Layer 7 is to help business leaders, developers and architects design, develop and deploy world-class APIs – ones that work today and will continue to provide value well into the future. While there’s a good bit of material on the strategic importance, drawing power and business opportunities of APIs, I think more information is needed on how to design and implement APIs that will stand the test of time. And that’s what my QCon talk will be about.

The Web was conceived as a “living” system that could easily accommodate new hardware, software and information. The Web’s incredible growth over the last 20 years proves a complex system like the World Wide Web can actually work in this way but it’s rare that an organization’s developer team is able to successfully design and implement an API strategy that exhibits these same characteristics. Too often, API implementations fail to account for the continued evolution and growth of an organization.

But this level of flexibility and reliability is entirely possible, using technologies and methods we already have today. The key to creating a powerful API, it turns out, is in the design of the messages sent back and forth between parties. Reliable and evolvable API design is based not on function calls and shared objects but on hypermedia-style messages.

Two years ago, I started work on a project to analyze and identify important hypermedia factors used on the Web. This work led to a formal definition of “Hypermedia Types” and the creation of a set of H-Factors that can be used in the design process for creating new, powerful APIs that have the flexibility, usability and longevity of HTML pages themselves. In 2011, my book Building Hypermedia APIs with Node & HTML5 was published and – in less than a year – the methodologies and techniques outlined in that book have begun to appear in API designs by Nokia Research, CloudApp, RStatus and others.

My talk will cover not only the basics of Hypermedia APIs but also some of the successes and challenges these (and other) companies encountered in moving from fixed RPC-style application interfaces rooted in local network application models to more powerful and extensible hypermedia-style interfaces that take advantage of the unique aspects of distributed networks and cloud computing.

For those looking not just at the immediate benefits but also the long-term value of a powerful API strategy, QCon is an excellent conference. There are dozens of great talks on all aspects of software development and I’m honored to be participating in this year’s event. I hope you’ll join me there and that you’ll stop by Layer 7′s booth to say “hello”.